{"id":"CVE-2022-46391","details":"AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.","modified":"2026-05-28T03:54:45.896092422Z","published":"2022-12-04T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46391.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46391.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46391"},{"type":"FIX","url":"https://github.com/eldy/AWStats/pull/226"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eldy/awstats","events":[{"introduced":"5222c4c292456563b6b1a31f760709c9d2689c7c"},{"fixed":"758463e012031b8fbad556d2bd58f1527d982516"}]}],"versions":["7.7","AWSTATS_7_7","AWSTATS_7_6","7.6","AWSTATS_7_5","7.5","AWSTATS_7_4","AWSTATS_7_3","AWSTATS_7_2","AWSTATS_7_1","AWSTATS_7_1_BETA3","AWSTATS_7_1_BETA2","AWSTATS_7_0_BETA3","AWSTATS_7_0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46391.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}